As those of you who read here regularly know, I often post from my subscription to Stratfor. I find Stratfor to be an outstanding resource. Although it is not cheap, it is quite a bargain in terms of value received. What I share here is a small fraction of what I receive from Stratfor. I have subscribed for several years now, and find the high quality it achieves to be quite consistent over time and have paid for a lifetime subscription.

I post generously here on this forum a tiny percentage of what I receive from Stratfor and feel morally obligated to help them out from time to time. Here's this from www.Stratfor.com:

=====================

Dear Friend of Stratfor:

What a tremendously gratifying couple of weeks! Hundreds of you signed up for either new Memberships or extended your existing ones. Your vote of confidence in the quality of our intelligence work is tremendously appreciated.

As a special thank-you, I've set things up so you can offer a friend - as many friends as you like actually - a completely free 30-day Stratfor Membership. If you've ever sent a friend an especially good article or discussed a podcast you heard, you can now give your friends the entire Stratfor experience.

I am NOT looking to turn Stratfor into some goofy multi-level marketing scheme. Your friends won't have to enter a credit card, or even their names, just an email address to receive intelligence. I will send them exactly two emails during their free Membership with a nice offer to become a regular Member, but that's it. If they decide 30 days is all they wanted, no problem at all and we wish them well.

If you're already a Stratfor Member, forward this email to a friend

If your friend sent you this opportunity, click here for a free 30-day Membership

I'm doing this for two reasons. In joining as a paying Member, you've made it (financially) explicit that Stratfor has real value for you. I want to make it possible for you to give something of value to your associates. I'm always interested personally in new ways that I can help out a friend. Secondly, I'll make no bones that I'm looking to grow our business. Every additional Member I add means more resources that we can invest in building out our intelligence network, expanding our maps/multimedia capabilities, and creating new features like the Stratfor Bookshelf.

Again, all of us at Stratfor look forward to continuing to provide the very best in geopolitical intelligence. So stay tuned for more, new, and better!

Wonder who did it? Stratfor does seem to have some uncommon intel , , ,

===============

Stratfor Hacked, 200GB Of Emails, Credit Cards Stolen, Client List Released, Includes MF Global, Rockefeller Foundation

Submitted by Tyler Durden on 12/24/2011 - 21:10

This Christmas will not be a happy one for George Friedman (who incidentally was the focus of John Mauldin's latest book promotion email blast) and his Stratfor Global Intelligence service, because as of a few hours ago, hacking collective Anonymous disclosed that not only has it hacked the Stratfor website (since confirmed by Friedman himself), but has also obtained the full client list of over 4000 individuals and corporations, including their credit cards (which supposedly have been used to make $1 million in "donations"), as well as over 200 GB of email correspondence. And since the leaked client list is the who is who of intelligence, and capital management, including such names as Goldman Sachs, the Rockefeller Foundation and, yep, MF Global, we are certain that not only Stratfor and its clients will be waiting with bated breath to see just what additional troves of information are unleashed, but virtually everyone else, in this very sensitive time from a geopolitical point of view. And incidentally, we can't help but notice that Anonymous may have finally ventured into the foreign relations arena. We can only assume, for now, that this is not a formal (or informal) statement of allegiance with any specific ideology as otherwise the wargames in the Straits of Hormuz may soon be very inappropriately named (or halfway so).

On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.

Also publicly released was a list of our members which the unauthorized party claimed to be Stratfor's "private clients." Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications.

We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events. Details regarding the services to be provided will be forwarded in a subsequent email that is to be delivered to the impacted members no later than Wednesday, December 28th.

In the interim, precautions that can be taken by you to minimize and prevent the misuse of information which may have been disclosed include the following:

- contact your financial institution and inform them of this incident;
- if you see any unauthorized activity on your accounts promptly notify your financial institution;
- submit a complaint with the Federal Trade Commission ("FTC") by calling 1-877-ID-THEFT (1-877-438-4338) or online at https://www.ftccomplaintassistant.gov/; and
- contact the three U.S. credit reporting agencies: Equifax (http://www.equifax.com/ or (800) 685-1111), Experian (http://www.experian.com/ or (888) 397-3742), and TransUnion (http://www.transunion.com/ or (800) 888-4213), to obtain a free credit report from each.

Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. Checking your credit reports can help you spot problems and address them quickly.

To ease any concerns you may have about your personal information going forward, we have also retained an experienced outside consultant that specializes in such security matters to bolster our existing efforts on these issues as we work to better serve you. We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures.

We are also working to restore access to our website and continuing to work closely with law enforcement regarding these matters. We will continue to update you regarding the status of these matters.

Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit card details in part because Stratfor didn’t bother encrypting them — an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

Fred Burton, Stratfor’s vice president of intelligence, said the company had reported the intrusion to law enforcement and was working with them on the investigation.

Stratfor has protections in place meant to prevent such attacks, he said.

"But I think the hackers live in this kind of world where once they fixate on you or try to attack you it's extraordinarily difficult to defend against," Burton said.

—–

^^^ That is just utter nonsense as an excuse for a failure to simply encrypt your data. And this by a security experts company. That’s like saying “Well if somebody really wants to burglarize your house, there’s no sense in locking your door.” Or “If an attacker really wants to kill your principal, they’re going to be able to do it, so why waste resources on DSS agents with guns and armored vehicles.”

LONDON—Members of the loose-knit movement "Anonymous" claimed on Sunday to have stolen a raft of emails and credit-card data from U.S.-based security think tank Stratfor, promising it was just the start of a weeklong, Christmas-inspired assault on a long list of targets.

One alleged Anonymous affiliate said the goal was to use the credit data to take a million dollars—including, apparently, from individuals' accounts—and give the money away as Christmas donations. Images posted online claimed to show the receipts.

A Twitter account tied to Anonymous posted a link to what they said was Stratfor's tightly guarded, confidential client list. Among those on the list: The U.S. Army, the U.S. Air Force and the Miami Police Department.

The rest of the list, which the hacking movement said was a small slice of its 200 gigabytes of plunder, included banks, law-enforcement agencies, defense contractors and technology firms.

"Not so private and secret anymore?" the group taunted in a message on the microblogging site.

Austin, Texas-based Stratfor provides political, economic and military analysis to help clients reduce risk, according to a description on its YouTube page. It charges subscribers for its reports and analysis, delivered through the web, emails and videos.

Stratfor said in an email to members that it had suspended its servers and email after learning that its website had been hacked.

"We have reason to believe that the names of our corporate subscribers have been posted on other websites," said the email, passed on to the Associated Press by subscribers. "We are diligently investigating the extent to which subscriber information may have been obtained."

The email, signed by Stratfor Chief Executive George Friedman, said the company is "working closely with law enforcement to identify who is behind the breach."

"Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me," Mr. Friedman wrote.

Calls to Stratfor went unanswered Sunday and an answering machine thanked callers for contacting the "No. 1 source for global intelligence."

Lt. Col. John Dorrian, public-affairs officer for the Air Force, said that "for obvious reasons" the Air Force doesn't discuss specific vulnerabilities, threats or responses to them. "The Air Force will continue to monitor the situation and, as always, take appropriate action as necessary to protect Air Force networks and information," he said in an email.

Miami Police Department spokesman Sgt. Freddie Cruz Jr. said that he couldn't confirm that the agency was a client of Stratfor, and he said he hadn't received any information about any security breach involving the police department.

Anonymous said it was able to get the credit details in part because Stratfor didn't encrypt them. Hours after publishing what it claimed was Stratfor's client list, Anonymous tweeted a link to encrypted files online. It said the files contained 4,000 credit cards, passwords and home addresses belonging to individuals on the think tank's private client list.

It also linked to images online that it suggested were receipts for charitable donations made by the group manipulating the credit-card data it stole.

"Thank you! Defense Intelligence Agency," read the text above one image that appeared to show a transaction summary indicating that an agency employee's information was used to donate $250 to a nonprofit group.

One receipt—to the American Red Cross—had Allen Barr's name on it. Mr. Barr, of Austin, recently retired from the Texas Department of Banking and said he discovered last Friday that a total of $700 had been spent from his account. Mr. Barr, who has spent more than a decade dealing with cybercrime at banks, said five transactions were made in total.

"It was all charities, the Red Cross, CARE, Save the Children. So when the credit-card company called my wife she wasn't sure whether I was just donating," said Mr. Barr, who wasn't aware until an AP reporter called that his information had been compromised when Stratfor's computers were hacked.

Wishing everyone a "Merry LulzXMas"—a nod to its spinoff hacking group Lulz Security—Anonymous also posted a link on Twitter to a site containing the email, phone number and credit number of a U.S. Homeland Security employee.

The employee, Cody Sultenfuss, said he had no warning before his details were posted. "They took money I did not have," he told The Associated Press in a series of emails, which didn't specify the amount taken. "I think why me? I am not rich."

One member of the hacking group, who uses the handle AnonymousAbu on Twitter, claimed that more than 90,000 credit cards from law enforcement, the intelligence community and journalists—"corporate/exec accounts of people like Fox" news—had been hacked and used to "steal a million dollars" and make donations.

It wasn't possible to verify where credit card details were used. Fox News, which is owned by Wall Street Journal parent News Corp., wasn't on the excerpted list of Stratfor members posted online. But other media organizations including MSNBC and Al Jazeera English appeared in the file.

Anonymous warned it has "enough targets lined up to extend the fun fun fun of LulzXmas through the entire next week."

In early December I received a call from Fred Burton, Stratfor's vice president of intelligence. He told me he had received information indicating our website had been hacked and our customer credit card and other information had been stolen. The following morning I met with an FBI special agent, who made clear that there was an ongoing investigation and asked for our cooperation. We, of course, agreed to cooperate. The matter remains under active investigation.

From the beginning I faced a dilemma. I felt bound to protect our customers, who quickly had to be informed about the compromise of their privacy. I also felt bound to protect the investigation. That immediate problem was solved when the FBI told us it had informed the various credit card companies and had provided those companies with a list of compromised cards while omitting that it had come from us. Our customers were therefore protected, as the credit card companies knew the credit cards and other information had been stolen and could act to protect the customers. We were not compelled to undermine the investigation.

The FBI made it clear that it expected the theft to be exposed by the hackers. We were under no illusion that this was going to be kept secret. We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files. This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it. Again, I regret that this occurred and want to assure everyone that Stratfor is taking aggressive steps to deal with the problem and ensure that it doesn't happen again.

From the beginning, it was not clear who the attackers were. The term "Anonymous" is the same as the term "unknown." The popular vision of Anonymous is that its members are young and committed to an ideology. I have no idea if this is true. As in most affairs like this, those who know don't talk; those who talk don't know. I have my theories, which are just that and aren't worth sharing.

I was prepared for the revelation of the theft and the inevitable criticism and negative publicity. We worked to improve our security infrastructure within the confines of time and the desire to protect the investigation by not letting the attackers know that we knew of their intrusion. With the credit card information stolen, I assumed that the worst was done. I was wrong.

Early in the afternoon of Dec. 24, I was informed that our website had been hacked again. The hackers published a triumphant note on our homepage saying that credit card information had been stolen, that a large amount of email had been taken, and that four of our servers had been effectively destroyed along with data and backups. We had expected they would announce the credit card theft. We were dismayed that emails had been taken. But our shock was at the destruction of our servers. This attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups.

Attacks against credit cards are common, our own failures notwithstanding. So are the thefts of emails. But the deliberate attack on our digital existence was a different order of magnitude. As the global media marveled at our failure to encrypt credit card information, my attention was focused on trying to understand why anyone would want to try to silence us.

In the days that followed, a narrative evolved among people claiming to speak for Anonymous and related groups. It started with looking at our subscriber list and extracting corporate subscribers who were now designated as clients. The difference between clients and subscribers is important here. A client is someone you do customized work for. A subscriber is simply someone who purchases a publication, unchanged from what others read. A subscriber of The New York Times is not its client. Nevertheless, some of the media started referring to these subscribers as clients, reflecting the narrative of those claiming to speak with knowledge of our business.

From there, the storyline grew to argue that these "clients," corporate and government, provided Stratfor with classified intelligence that we reviewed. We were no longer an organization that analyzed the world for the interested public, but rather a group of incompetents and, conversely, the hub of a global conspiracy. The media focused on the first while the hacking community focused on the second.

This was why they stole our email, according to some of them. As one person said, the credit cards were extra, something they took when they realized they could. It was our email they were after. Obviously, we were not happy to see our emails taken. God knows what a hundred employees writing endless emails might say that is embarrassing, stupid or subject to misinterpretation. What will not appear is classified intelligence from corporations or governments. They may find, depending on what they took, that we have sources around the world, as you might expect. It is interesting that the hacker community is split, with someone claiming to speak for the official Anonymous condemning the hack as an attack on the media, which they don't sanction, and another faction defending it as an attack on the rich and powerful.

The interpretation of the hackers as to who we are -- if indeed that was their interpretation -- was so wildly off base as to stretch credulity. Of course, we know who we are. As they search our emails for signs of a vast conspiracy, they will be disappointed. Of course we have relationships with people in the U.S. and other governments and obviously we know people in corporations, and that will be discovered in the emails. But that's our job. We are what we said we were: an organization that generates its revenues through geopolitical analysis. At the core of our business, we objectively acquire, organize, analyze and distribute information.

I don't know if the hackers who did this feel remorse as they discover that we aren't who they said we were. First, I don't know who they actually are, and second, I don't know what their motives were. I know only what people claiming to be them say. So I don't know if there is remorse or if their real purpose was to humiliate and silence us, in which case I don't know why they wanted that.

And this points to the real problem, the one that goes beyond Stratfor's own problem. The Internet has become an indispensable part of our lives. We shop, communicate, publish and read on it. It has become the village commons of the planet. But in the village commons of old, neighbors who knew and recognized each other met and lived together. Others knew what they did in the commons, and they were accountable.

In the global commons, anonymity is an option. This is one of the great virtues of the Internet. It is also a terrible weakness. It is possible to commit crimes on the Internet anonymously. The technology that enables the Internet also undermines accountability. Given the profusion of technical knowledge, the integrity of the commons is in the hands of people whose identities we don't know, whose motives we don't understand, and whose ability to cause harm is substantial. The consequence of this will not be a glorious anarchy in the spirit of Guy Fawkes, but rather a massive repression. I think this is a pity. That's why I wonder who the hackers actually are and what cause they serve. I am curious as to whether they realize the whirlwind they are sowing, and whether they, in fact, are trying to generate the repression they say they oppose.

The attempt to silence us failed. Our website is back, though we are waiting for all archives to be restored, and our email is working again. Our failures have been reviewed and are being rectified. We deliberately shut down while we brought in outside consultants to rebuild our system from the ground up. The work isn't finished yet, but we can start delivering our analyses. The handling of credit cards is being handed off to a third party with appropriate capability to protect privacy. We have acted to help our customers by providing an identity theft prevention service. As always, we welcome feedback from our supporters as well as our critics.

We are fortunate that we have the financial resources and staff commitment to survive the attack. Others might not. We are now in a world in which anonymous judges, jurors and executioners can silence whom they want. Take a look at the list of organizations attacked. If the crushing attack on Stratfor is the new model, we will not be the last. No security system is without flaws even if it is much better than Stratfor's was.

We certainly expect to be attacked again, as we were last week when emails were sent out to members from a fake Stratfor address including absurd messages and videos. Our attackers seem peculiarly intent on doing us harm beyond what they have already done. This is a new censorship that doesn't come openly from governments but from people hiding behind masks. Do not think we will be the last or that we have been the first.

We will continue to publish analysis and sell it to those who believe it has value. To our subscribers who have expressed such strong support, we express our deepest gratitude. To our critics, we assure you that nothing you have said about us represents a fraction of what we have said about ourselves. While there is much not to be proud of in this affair, I am proud beyond words of all my dedicated colleagues at Stratfor and am delighted to return our focus to analyzing critical international affairs.

To all, I dedicate myself to denying our attackers the prize they wanted. We are returning to the work we love, dedicated to correcting our mistakes and becoming better than ever in analyzing and forecasting how the world works.

It's good to see Stratfor back in stride; I appreciate their analysis. Like I say about a good economist, I don't expect them to know the future, just to give good analysis of what has happened so far and what is happening now.

I thought they explained and handled the attack on their organization and their customers as well as is possible. They were accused of not encrypting data and they admitted that, explained it, apologized and corrected it. My view is that they saw their business as primarily the creation of these reports rather than marketing sales and distribution. From the larger story it sounds like the financial data was perhaps the least significant of the losses. It is a warning shot for all of us of the dangers of lost privacy and putting our trade secrets on the cloud or on a fully interconnected information system. Somehow I doubt ordinary encryption would have thwarted much of what went wrong on an attack that large and sophisticated. Look at Wikileaks. The top intelligence agencies in the world were all hacked recently and repeatedly as well. Crafty, as one who was likely a victim, I wonder how you feel about what happened. I sympathize with all including Strat as the largest victim. They had their whole business model jeopardized, plus each customer compromised. They were guilty of a malpractice and did what they could to come clean and make it right. Sounds like they bought each customer an identity theft package. Now you have one more business out there storing all your data.

This could go in some other thread, but a person should have a credit card or account just for these types of purchases with very low limit and a distinct and limited purchase pattern as the first line of protection.

It is with great personal disappointment I have to inform you that I will resign from my position as CEO for Stratfor with immediate effect.

Please rest assured that this decision was not an easy one. But in the light of the recent events, especially the release of our company emails by WikiLeaks, I have decided that stepping down is in the best interest of Stratfor and its customer base.

I want to emphasize that this will have no effect on Stratfor's business or its members and we will continue to provide state-of-the-art intelligence services.

Regarding the latest breach, Stratfor is fully in control of the situation. However, while I cannot take any personal responsibility for this incident, I still have to admit that mistakes have been made on our side. To be clear: We certainly do not condone any criminal activities by groups like Anonymous or other hackers. This is theft and we will continue to cooperate with law enforcement to bring those responsible to justice. But we must acknowledge that this incident would not have been possible if Stratfor had implemented stronger data protection mechanisms - which will be the case from now on. Indeed we will immediately move to implement the latest, and most comprehensive, data security measures.

While I played no role in our technical operations, as the company's CEO I do accept full responsibility thus will resign from my position effective immediately.

WikiLeaks announced on Sunday that it would expose the e-mail correspondence from the global geopolitical analysis firm known as Stratfor, detailing the work of the company for clients. WikiLeaks did not disclose how it obtained the e-mails, but Stratfor acknowledged in December that its data servers were breached by a group of hackers known as Anonymous. The loose-knit group publicly supports WikiLeaks.

Anonymous posted online the names, e-mails and credit card numbers of thousands of Stratfor subscribers. Now the contents of the e-mails are being exposed — five million pieces of correspondence in all, spanning seven years, WikiLeaks said. It added that the organization was analyzing the documents with the help of 25 publications around the world, including Rolling Stone in the United States, L’Espresso in Italy and The Hindu in India. WikiLeaks said that Stratfor kept many records on the group and its founder, Julian Assange, who is under house arrest in Britain and wanted for extradition to Sweden in connection with allegations of sex crimes.

“The material contains privileged information about the U.S. government’s attacks against Julian Assange and WikiLeaks and Stratfor’s own attempts to subvert WikiLeaks,” the group said. “There are more than 4,000 e-mails mentioning WikiLeaks or Julian Assange.”

As most of you know, in December thieves hacked into Stratfor data systems and stole a large number of company emails, as well as private information of Stratfor subscribers and friends. Today Wikileaks is publishing the emails that were stolen in December. This is a deplorable, unfortunate -- and illegal -- breach of privacy.

Some of the emails may be forged or altered to include inaccuracies. Some may be authentic. We will not validate either, nor will we explain the thinking that went into them. Having had our property stolen, we will not be victimized twice by submitting to questions about them.

The disclosure of these emails does not mean that there has been another hack of Stratfor's computer and data systems. Those systems, which we have rebuilt with enhanced security measures, remain secure and protected.

The release of these emails is, however, a direct attack on Stratfor. This is another attempt to silence and intimidate the company, and one we reject. As you can see, emails sent to many people about my resignation were clearly forged.

We do not know what else has been manufactured. Stratfor will not be silenced, and we will continue to publish the geopolitical analysis our friends and subscribers have come to rely on.

As we have said before, Stratfor has worked to build good sources in many countries around the world, as any publisher of geopolitical analysis would do.

We are proud of the relationships we have built, which help our analysts better understand the issues in many of these countries through the eyes of people who live there.

We have developed these relationships with individuals and partnerships with local media in a straightforward manner, and we are committed to meeting the highest standards of professional and ethical conduct.

Stratfor is not a government organization, nor is it affiliated with any government. The emails are private property. Like all private emails, they were written casually, with no expectation that anyone other than the sender and recipient would ever see them. And clearly, as with my supposed resignation letter, some of the emails may be fabricated or altered.

Stratfor understands that this hack and the fallout from it have created serious difficulties for our subscribers, friends and employees. We again apologize for this incident, and we deeply appreciate the loyalty that has been shown to Stratfor since last year's hack.

We want to assure everyone that Stratfor is recovering from the hack. We will continue to do what we do best: produce and publish independent analysis of international affairs. And we will be back in full operation in the coming weeks. We look forward to continuing to serve you.